Researchers find (more) severe flaws in Diebold voting machines

A group of Princeton computer scientists has published a study that examines flaws and vulnerabilities in Diebold's AccuVote-TS voting machines. Complete with a video that demonstrates the ease with which the electronic voting machine can be compromised, the study provides chilling insight into the serious risk of election tampering and fraud created by modern voting technology. The vote-stealing demonstration software developed by the computer scientists "can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss."

The study reveals that "[m]alicious software running on a single voting machine can steal votes with little if any risk of detection," and that the software can be installed on a voting machine in only a minute by anyone that has physical access. The study also discovered that Diebold's AccuVote-TS systems can be targeted by self-propagating viruses "that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity." The computer scientists conclude that defects are present in the hardware of the AccuVote-TS as well as the software. Although some issues can be mitigated by software updates, the machines themselves will have to be replaced in order to eliminate some of the problems identified by the study.

The AccuVote-TS machines are designed to automatically install code from a removable memory card during the boot process. A virus embedded in a bootloader image file stored on a memory card will automatically infect any machine that is booted while the card is inserted. The virus written by the Princeton experts will automatically install itself on every memory card inserted into the machine during subsequent boot processes. So, when a technician tries to update an infected system, the memory card containing the update will be altered and the virus will be passed on to any other voting machine that the technician tries to update from that memory card.

The paper suggests several ways to mitigate potential voting machine problems. Requiring that all updates be digitally signed could potentially prevent unauthorized software from infecting and manipulating voting machines. Limiting physical access to memory cards and voting machines could also help prevent tampering. The paper cites a study conducted in 2006, in which researchers addressed issues like "lack of inventory control and gaps in the chain of custody," pointing out the need for policies that establish secure handling and management practices for voting machines. The paper also advocates parallel testing, system certification, and paper trails as other potential solutions.

Last month, we reported on election disruptions that occurred in Alaska as a result of Diebold machine defects. Yesterday, Johns Hopkins University computer science professor Avi Rubin wrote a blog entry about a day at the polls with the Diebold AccuVote-TS. Serving as an election judge in the Maryland primary, Rubin witnessed numerous Diebold machine voting failures and deficiencies firsthand. From missing access cards to dysfunctional electronic poll books to ineffective anti-tamper mechanisms, the machines were nothing but trouble. Machines crashed, refused to synchronize, and inaccurately reported whether or not a citizen had already voted. One of the most disturbing revelations of the day related to Diebold's business practices rather than the machines themselves. The Diebold representative assigned to the precinct had been hired the day before, and had only received a brief six hours of training in a massive session with 80 other people. The representative admitted to having virtually no familiarity with the hardware, and claimed that Diebold hired cheap contractors to do the job rather than well-trained technicians in order to save money. The representative, who didn't even know how to set the machines up, gave up and left in frustration halfway through the day.

The state of California banned Diebold voting machines, and sued the company for machine-related fraud after flaws were found in the AccuVote-TSx machines used in a 2004 election. The constant stream of discovered vulnerabilities and problems in real elections may finally compel other states to do the same. Diebold has not yet responded to our requests for a comment, but sources say that the company is attempting to pressure the Princeton group into retracting the study. In the past Diebold typically responds to criticisms of its voting machines by asserting that the systems operate securely when properly configured.